Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


ESET - Malicious Email Campaign Exploits Just Concluded G20 Summit

ESET, a security firm, says that a fresh targeted attack has been using the just concluded G20 summit as a lure which was held at Brisbane, Australia (November 15-16, 2014).

ESET noted that Tibetan-based NGOs or [non-Governmental Organizations] are continuously being attacked especially with malware which using GH0stRAT Trojan, a remote access tool. In this incident, an identified sample had a very few detections but both the strikes were in China.

ESET said after a rapid analysis that they saw magic word employed in network communications by this example was "LURKO" instead of infamous "Gh0st" and added that this specific word has been employed against Tibet-based groups in the past.

The email requests its recipient to join a rally for Tibet at the G20 Brisbane summit. It says that Tibetans and its supporters in Australia and also internationally is calling on main Governments of world to take actions jointly to address the crisis of human rights in Tibet. Hence, like-minded Governments are requested to take a stand by their familiar democratic value and support Tibet.

This is classic spear phishing case and the malicious actor is trying to trick the Internaut into opening the tainted attachment with the help of a rally which is organized by the Australian Tibet Council. In fact, the text of the email was directly taken off their website.

Welivesecurity.com published news on 14th November, 2014 quoting ESET as saying that this email was mailed to the European Central Tibetan Administration.

After analysis, the word document named: "A_Solution_ for _Tibet.doc" is exploiting CVE-2012-0158 which is a very old flaw and still it is used by malicious criminals to hijack systems throughout the world. When clicked open, the malicious document will install the infamous Gh0st RAT on user's machine.

Obviously, once Gh0st RAT is installed, it connects to the Command and Control Centre enabling the operator to control that user's computer remotely which destroys the privacy of the protester leaving them completely vulnerable to spied upon, manipulation or other interference.

ESET observes that these kinds of attacks can be mitigated by avoiding opening email attachments from unknown sources and by installing updated software on computers.

ยป SPAMfighter News - 11/24/2014

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page